CISO Stories Podcast (Audio)

202 episodes - English - Latest episode: 4 days ago - ★★★★★ - 8 ratings

SC Media, and our sponsor Arctic Wolf, are proud to present this month's CISO Stories program. Each month, the CISO Stories Program explores a cybersecurity topic selected by CyberRisk Alliance’s CISO Community and provides content that examines that topic from a variety of perspectives. Hosted by Todd Fitzgerald, best-selling author of CISO COMPASS, the CISO Stories weekly podcast features content powered by the 1,100+ members of CyberRisk Alliance’s CISO Community.


Episodes

The Challenges of Managing Security in an IT/OT Environment - John Germain - CSP #171

April 23, 2024 14:00 - 28 minutes - 51.6 MB

For manufacturing companies, technology has taken over a good deal of the day-to-day operations occurring on the manufacturing floor. Things like robotics, CNC machines and automated inventory management. There are even systems that track what tools are used, by whom and for how long. This technology often works outside of or flies under the radar of traditional IT processes. For critical infrastructure, we are hooking up legacy systems to larger networks. Industrial control systems, that we...

The Importance of OT Security: The Evolving Threat Landscape - Ken Townsend - CSP #170

April 16, 2024 14:00 - 30 minutes - 55 MB

Manufacturing environments rely heavily on Operational Technology (OT) systems – such as industrial control systems, supervisory control, PLCs etc. – to manage production processes. Compromises of these networks and systems can have devastating consequences, including production disruptions and downtime, safety hazards, data breaches and intellectual property theft, and financial losses: ransomware attacks can cripple operations and demand hefty payments. Manufacturing is a lucrative targe...

Tips for a Successful Cyber Resilience Program - Olusegun Opeyemi-Ajayi - CSP #169

April 09, 2024 14:00 - 31 minutes - 42.9 MB

The cybersecurity threat landscape is constantly evolving, and experience has shown that everyone and every organization is prone to being breached. How do you prepare for what seems inevitable? You assume breach and plan accordingly. Cyber resilience has become a top priority as organizations figure out how to build a network that can either continue functioning or can recover quickly when faced with cybersecurity attack. This segment is sponsored by Arctic Wolf. Visit https://www.cisosto...

Operational Technology (OT) and the Art of War - Glenn Kapetansky - CSP #168

April 02, 2024 14:00 - 32 minutes - 44.6 MB

Operational Technology (OT) security is concerned with protecting embedded, purpose-built technologies enabling our industrial processes. You also may have heard “adjacent” buzzwords like Internet of Things (IOT) and Fog (like “cloud” but close to the ground). OT security has significant challenges in terms of cost/size/weight, capability, ability to be updated, and robustness (often, OT failures can endanger lives). More recently, as cyber warfare evolves, OT is one of two main attack vecto...

Third-Party Risk Management - BEC Compromises and the Cloud - Michael Swinarski - CSP #167

March 26, 2024 14:00 - 23 minutes - 42.2 MB

Third-Party Risk Management is essential for safeguarding an organization's assets, reputation, and operations. By identifying, assessing, and managing risks associated with external partners, organizations can enhance their resilience, protect sensitive information, and maintain the trust of stakeholders in an increasingly interconnected business ecosystem. We have seen the threat landscape change in the last few years. It has always been important to properly identify, categorize, and addr...

52,000 Suppliers: Third-Party Supply Chain CyberRisk Approach - Cassie Crossley - CSP #166

March 19, 2024 04:00 - 30 minutes - 55.5 MB

Schneider Electric has over 52,000 suppliers and sells hundreds of thousands of products of which 15,000 would be classified as intelligent products. To address risks stemming from third-party suppliers, and in recognition of the risks posed to customers, we have a holistic approach to value chain security, by implementing security controls at every level (R&D, Design, Manufacturing, Distribution, Staging, Commissioning and Operating). This approach is guided by policies and regulations, con...

Securing Connections: 3rd Party Risk Mgmt Expert Insights - Charles Spence - CSP #165

March 12, 2024 14:00 - 30 minutes - 56.6 MB

Breaches at software vendors used by many organizations have highlighted the external software supplier risk, requiring organizations to be even more diligent. Join us as we discuss the supply chain issues and their relationship to software supply chain issues and how organizations should approach an environment with supplier software risk, geo-political risk, and environmental concerns to maintain business resiliency. This segment is sponsored by VISO TRUST. Visit https://cisostoriespodcast.com/...

A Printout on Secure by Design When Utilizing 3rd Parties - Bryan Willett - CSP #164

March 05, 2024 15:00 - 24 minutes - 44.5 MB

With CISA just putting out new “secure by design” guidance, Lexmark CISO Bryan Willett pulls the curtain back on how Lexmark is approaching secure-by-design in its products. Lexmark is at the forefront of secure by design as their products constantly touch highly confidential information in regulated industries, along with an established security record validated by IDC, Quocirca, and Bitsight. Bryan talks about the impact of secure by design on hardware manufacturers; the...

Intelligent Generative AI Handling - Aaron Weismann - CSP #163

February 27, 2024 15:00 - 26 minutes - 47.7 MB

Generative AI security and integrity. This is important to me because it's a cool new commercially available technology that promises efficiency and time savings--and therefore everyone wants to use it without a thorough understanding of how to secure data used with it or correcting model bias introduced through improper governance. The implications, particularly in the healthcare space, are significant where AI-driven care decisions can drift away from optimal care and have the potential to...

Responsible Use and Vetting of AI Solutions - Jon Washburn - CSP #162

February 20, 2024 15:00 - 32 minutes - 45.3 MB

Responsible use and governance of AI are key issues today, as training data limitations and data retention issues must be addressed. The risk of exposing PII or other confidential data, managing bias, hallucination, misinterpretation risks and other AI considerations are discussed. Fitzgerald, T. 2019. Chapter 4: Emerging Technologies and Trends in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 89-125. Fitzgerald, T. CRC Press, Boca Rat...

The Business Side of AI - Edward Contreras - CSP #161

February 13, 2024 15:00 - 23 minutes - 44 MB

Artificial Intelligence: Currently these two words can mean a world of difference to different people. How do you bring this topic to the board, to executives, or to business partners, and help them understand the risks without the FUD or technical language that so often creeps into the conversation? The goal is to engage in an action driven conversation and not lead it down a theoretical path. As a CISO in a financial institution, understanding the boundaries and limitations is key to corpo...

Generative AI and Corporate Security – Getting it Right - Bill Franks - CSP #160

February 06, 2024 15:00 - 32 minutes - 44.4 MB

Generative AI has hit the world by storm, but unfortunately is widely misunderstood. While it brings great promise for companies, it also has risks. As employees and corporate applications begin making use of generative AI, it is important to ensure that proper safety and security mechanisms are put in place to allow value to be obtained while minimizing risk. Fitzgerald, T. 2019. Chapter 4: Emerging Technologies and Trends in CISO COMPASS: Navigating Cybersecurity Leadership Challenges wi...

Better CISO Health in the New Year: From Burnout to Balance - Steve Shelton - CSP #159

January 30, 2024 15:00 - 29 minutes - 53.3 MB

Heidrick and Struggles released a global CISO survey last year, stating 53% of CISOs were most concerned about significant stress and 60% were concerned about burnout. In Steve’s 20 years of software sales, significant stress and burnout have been longstanding issues that have yet to be effectively addressed and have negatively impacted his own life and those in the industry. There exists an opportunity to help cyber defenders protect themselves and their teams from these issues, enhancing...

Cloud Security Staffing in a Hybrid World – It Can Be Done! - Larry Lidz - CSP #158

January 23, 2024 15:00 - 30 minutes - 42.1 MB

Over the course of two years, and during the pandemic, we established a new security team and grew that team from five cloud security people to over eighty. What was our talent strategy to enable that rapid growth, how did we find the right talent in a tight market, and what did we learn from the approach? Additionally, what rituals and tactics served us well to build team identity and collaboration in a hybrid world? Through all this, how do we ensure we prioritize diversity and inclusion i...

You want the CISO Title & Pay? Responsibility Comes Also! - Malcolm Harkins - CSP #157

January 16, 2024 10:00 - 35 minutes - 64.5 MB

Integrity & Materiality. Get them wrong, you jeopardize your organization, its shareholders, possibly customers, as well as yourself. Join us as we discuss CISO role and accountability, Geopolitics, SEC Regulation and materiality, AI Impact, and seismic changes occurring in the past 5 Years as articulated in the 5 year CyberRisk Alliance Blog dated 12/7/23, https://www.cyberriskalliance.com/blog/5-years-of-reflection-5-seismic-industry-shifts-why-im-on-the-board-at-cra Fitzgerald, T. 2019...

Reimagining Risk in the Emerging Cloud: A GRC Perspective - Solomon Ugah - CSP #156

January 09, 2024 15:00 - 28 minutes - 38.6 MB

More and more services and products are being cloud-delivered. This leads to a concentration of risk in the hands of a few industry players and a few jurisdictions. It means risk needs to be addressed and thought about differently. Join us as we discuss managing cloud risk from a Governance, Risk and Compliance (GRC) perspective. Fitzgerald, T. 2019. Chapter 1: Emerging Technologies and Trends in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st ...

Why Don’t We Care About Identity Security? - Don Baham - CSP #155

January 02, 2024 00:00 - 27 minutes - 50.1 MB

Identity & Access Management - Why do organizations still insist that provisioning/deprovisioning is an IT function? Effective IAM requires collaboration across the business units and responsibilities for multiple departments. Join us as we discuss IAM and some of the challenges organizations are facing today to secure the perimeter – the identity perimeter. Fitzgerald, T. 2019. Chapter 5 Cybersecurity Organization Structure in CISO COMPASS: Navigating Cybersecurity Leadership Challenges w...

High Consequences Cyber: Make or Break the CISO’s Reputation - Andy Jaquith - CSP #154

December 26, 2023 15:00 - 29 minutes - 40.5 MB

“High Consequences Cyber” are high-risk, high-stakes cyber projects that can make or break a company or make or break the CISO’s reputation. These include issues such as, how do you architect your networks if you are a multinational with exposure to high-risk countries? What are key choices you can make when moving critical workloads such as email and collaboration to the cloud? What's the role of authentication in the age of cloud, and why do companies keep messing it up? How do you educate...

Four Pieces of Transitional Advice: Incoming CISOs - Sean Zadig - CSP #153

December 19, 2023 15:00 - 32 minutes - 59.5 MB

There’s been a boom of sudden CISOs for regulatory and practical reasons — forcing technical security leaders to transition. And the transition isn't easy. Join us, as Sean shares the lessons he has learned as he moved into the CISO role from technologist. As CISO Stories also focuses on Identity Management this month, we also discuss architecting identities to meet the needs of many different types of users vs a one-size-fits-all approach. Fitzgerald, T. 2019. Chapter 1: CISO Role: Evolut...

Is there really an Information Security Jobs Crisis? - Ben Rothke - CSP #152

December 12, 2023 15:00 - 27 minutes - 37.4 MB

Are there really millions of open information security jobs available? Or are many of the numbers hyped up? Join us as we discuss these numbers, boot camps, regional differences, and where these job openings come from. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://cisostoriespodcast.com for all the latest episod...

Prioritizing Identity and Getting the Fundamentals Right - Bezawit Sumner - CSP #151

December 05, 2023 00:00 - 29 minutes - 67.3 MB

Prioritizing identity and getting the fundamentals right. We are managing more identities than ever – people-people, machine-to-machine, and people-machines. What actions should CISOs be ensuring are being done within the environment to prioritize identities? Join us as we discuss where Bezawit has focused to enhance the identity management process. This segment is sponsored by Saviynt. Visit https://cisostoriespodcast.com/saviynt to learn more about them! This segment is sponsored by Bit...

Do You Really Want to Be a CISO? - Spencer Mott - CSP #150

November 28, 2023 15:00 - 27 minutes - 62.6 MB

Reaching the level of CISO in a large corporation requires time and determined application as well as aptitude and very specific professional and personal attributes. It's the role against which many security professionals set their career sights without really knowing what they'll be getting themselves into. Fitzgerald, T. 2019. Chapter 14. CISO Soft Skills in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 463-487. Fitzgerald, T. CRC P...

All in One CISO: There Is Nothing We Can't Do - Jessica Hoffman - CSP #149

November 21, 2023 15:00 - 29 minutes - 67.2 MB

As a CISO, the opportunities we have to positively cultivate the cybersecurity landscape for our organizations are endless. From driving projects to implementing innovative technologies to strengthening basic cybersecurity hygiene, reshaping the organization's culture, protecting from ransomware, and diversifying the cyber workforce, the CISO is a certified change-maker! Let's get excited about security! This segment is sponsored by Arctic Wolf. Visit https://cisostoriespodcast.com/ArcticWolf...

Building a People-Centric Security Program - Cathy Olsen - CSP #148

November 14, 2023 15:00 - 21 minutes - 40 MB

In security, we can get buried in the tools, standards, issues and risks. But an effective security program is built upon people, process, and technology. Let's talk about how you can approach your security program in a way that is focused on the people who use and manage your company assets and data. Fitzgerald, T. 2019. Chapter 13. Multigenerational Workforce Dynamics in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 419-459. Fitzgera...

Veterans Impacting Cybersecurity - David Cross - CSP #147

November 07, 2023 15:00 - 27 minutes - 50.6 MB

Veterans bring along some valuable skills from the military that organizations can greatly benefit from. From loyalty, executing to a playbook, incident response, responding to crises, to supporting the organizational mission – Veterans are a resource that is eager to transition to organizations and apply their skills and continuously learn. With Veterans Day upon us, join us as we discuss the strengths of hiring Veterans for the cybersecurity program. Fitzgerald, T. 2019. Chapter 13. Mu...

Should We Be Relying on Our Cybersecurity Risk Matrices? - Doug Hubbard - CSP #146

October 31, 2023 14:00 - 29 minutes - 54.4 MB

A key role for the CISO and the team is to identify and plan for mitigation of the most damaging risks. Various approaches have been used over the years with varying levels of success. Are we measuring the right things? Are we using the right instruments? Join us as we discuss some of the flaws present in measuring risk today and considerations to improve our risk management approach. https://www.howtomeasureanything.com/cybersecurity Visit https://securityweekly.com/csp for all the late...

OT Is Not IT But Security Can Handle Both - Mea Clift - CSP #145

October 24, 2023 14:00 - 25 minutes - 46.7 MB

Join us as we discuss the OT security landscape, the solutions for protecting it, and the future of protecting these pieces of critical infrastructure. With attacks to these networks on the rise, it’s important for cybersecurity professionals to acknowledge that they are just as important as information in our protection, and that it requires specific out of the box thinking to secure effectively. Fitzgerald, T. 2019. Chapter 4: Emerging Technologies and Trends in CISO COMPASS: Navigating ...

Effective Communication is Critical for CISO Success - Wes Knight - CSP #144

October 17, 2023 14:00 - 29 minutes - 24.8 MB

Technical people, CISOs included, may have challenges communicating well with executive management due to a different career path evolution. To maximize our success, we must all improve our communication skills with technical and non-technical people. Join us as we discuss some of the nuanced communications and areas to pay closer attention to. Fitzgerald, T. 2019. Chapter 14: CISO Soft Skills in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st...

Terminology Matters: Changing 'Cybersecurity' to Data Care - Cyndi Gula, Ron Gula - CSP #143

October 10, 2023 14:00 - 27 minutes - 50.1 MB

Cybersecurity touches all our lives, however there is a belief that only experts in all of the technical disciplines need to apply. The term ‘cybersecurity’ does not invoke a personal sense of responsibility to care for the protection of data. Join us as we discuss the concept of reframing cybersecurity to “Data Care”, like the concepts used in the healthcare industry to advance personal responsibility as well as to attract people to the field that may not have considered it previously. Vi...

NextGen Security Tooling: Investments in Intelligence - Mike Coogan - CSP #142

October 03, 2023 14:00 - 31 minutes - 27.7 MB

Security tools have become overwhelming in number, yet companies continue to get breached. With all the recent focus on artificial intelligence, security leaders must avoid neglect of natural intelligence. When your opponent is thinking and adapting to your every move, can you really afford to neglect your most critical defenses? Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https:...

Uber CISO Trial Learnings for CISOs: In the CISO's Own Words - Joe Sullivan - CSP #141

September 26, 2023 14:00 - 40 minutes - 74.7 MB

In the Fall, 2016, Uber experienced a data breach, and the CISO faced the possibility of prison time for felony obstruction and misprision for failure to report the 2016 breach. He was sentenced in May, 2023 to 3 years’ probation. Join the former CISO of Uber as we discuss the events which led to the prosecution case, the results of the trial and aftermath, and the implications for CISOs and what is needed to move the cybersecurity industry forward. This segment is sponsored by Google Chrom...

Managing CyberRisk in a Mid-Cap Company - Walter Lefmann - CSP #140

September 19, 2023 14:00 - 25 minutes - 22.4 MB

MidCap enterprise security is a challenge – SMBs have all the needs of a large enterprise, but not the same large budget or army of defenders. We are also a "sweet spot" target for cybercriminals -- you have enough money to be worth some real effort, but again not a large army of defenders. MidCap is at the front lines of "doing more with less"! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on Lin...

Collective Defense: The Importance of Partnerships in Cybersecurity - Jamil Farshchi - CSP #139

September 12, 2023 14:00 - 36 minutes - 32 MB

With cybersecurity emerging as a board-level agenda item, collaboration is becoming increasingly high-stakes and multifaceted. Join us as we examine the opportunities and potential pitfalls of this new era, as well as the skills needed. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for a...

Teams are Built around Key Players Performing Great Functions - Ralston Simmons - CSP #138

September 05, 2023 14:00 - 30 minutes - 27.2 MB

Skills can be evolved and provide teams with the necessary talent. Join Ralston as he shares his experiences in recruiting, rotational programs, and supporting the key players with the right support system. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-138

Championship Results: No Bank Breaking or Boat Rocking! - Steve Hunt - CSP #137

August 29, 2023 14:00 - 27 minutes - 24 MB

Top-performing CISOs shared with me their hacks for creating a team atmosphere, getting excellent and consistent results, and creating buy-in from management for their budgets, projects, and big ideas. This discussion goes beyond risk management into the realm of performance excellence. Impact Leaders Pod Training for Cyber Teams is a unique 8-week program to up-level performance in information technology professionals and teams. Participants grow leadership, emotional intelligence, teamwork...

Supply Side Security: How to Maintain a Talent Pipeline - Helen Patton - CSP #136

August 22, 2023 14:00 - 28 minutes - 25.4 MB

There are a ton of entry-level candidates for security roles, but we need mid- to late- career cyber candidates to fill our open positions. Hiring managers need to partner with non-security people to build and maintain that pipeline. Let's talk about how to go about getting this done. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborat...

Deploying Zero Trust Without Destroying End User Trust - Mike Zachman, Colin Chisholm - CSP #135

August 15, 2023 16:30 - 26 minutes - 23.5 MB

Deploying SASE (Secure Access Service Edge) is a critical step on your Zero Trust journey. It is not without risk, especially to the end user experience. Join us as we discuss our lessons-learned fresh from the deployment trenches. This segment is sponsored by Google. Visit https://securityweekly.com/chrome to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https...

Security Musings from a Psychotherapeutic Perspective - Mark Eggleston - CSP #134

August 08, 2023 14:00 - 28 minutes - 24.4 MB

Come listen in on a CISO's story of going from carpenter to psychotherapist to security leader. The stories told will help anyone working in cyber - from those looking to break into cyber to those who are battle tested and looking for new support or coping strategies. Morin, A. 2017. 13 Things Mentally Strong People Don’t Do. Harper Collins. 13 Things Mentally Strong People Don't Do: Take Back Your Power, Embrace Change, Face Your Fears, and Train Your Brain for Happiness and Succe...

Cyber Risk Governance: The Hype, Hope, & Harsh Reality - John Sapp - CSP #133

August 01, 2023 14:00 - 27 minutes - 23.2 MB

Cyber Risk Governance or Cyber Risk Management has been an often talked about concept for nearly two decades yet remains one of the most elusive and sought after outcomes by every C-level executive across every line of business in every industry sector and particularly in the Board room. In this session, we are going to jump into the shoes of the C-level executives and Board members as we describe "what they want" and how we achieve the visual representation of cyber risk in a way that ...

The Tactics of Being Strategic in Cybersecurity - Jason Elrod - CSP #132

July 25, 2023 14:00 - 26 minutes - 22.3 MB

Discussion about what it means to be strategic as a CISO and, more importantly, what specific, tactical steps you can take to bring that into reality. This segment is sponsored by Google. Visit https://securityweekly.com/chrome to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: htt...

Protecting the Nation’s Most Sensitive Information & 800-171 Update - Ron Ross - CSP #131

July 18, 2023 14:00 - 27 minutes - 24.2 MB

NIST recently released the initial draft of a major update to its cybersecurity guidelines for protecting sensitive unclassified information. The update is intended to help federal agencies and government contractors implement cybersecurity requirements more consistently. The revised draft guidelines, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (NIST Special Publication [SP] 800-171 Revision 3), will be of particular interest to the many thousands o...

The Evolution & Portability of the CISO Role - Sheldon Cuffie - CSP #130

July 11, 2023 14:00 - 27 minutes - 33.5 MB

As a function of CISOs' responsibilities, the best are multi-faceted leaders that shift between cyber, technical, and business domains in response to the shifting cyber-risk landscape. This level of adaptability makes them portable to other CISO roles in different industries, and C-level roles that they may not have thought of and frankly, others may not have thought of for them. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cy...

Being a CISO in Higher Education - Lorna Koppel - CSP #129

July 04, 2023 14:00 - 23 minutes - 20.7 MB

At the surface, being a CISO in Higher Education is very similar to any industry vertical but the opportunities, challenges, and impacts are significantly more complex. Many consider HE to be behind in security practices. While it is true that HE doesn't buy a lot of security tools, we are on the leading edge of focusing on mitigating security risks at the level the institution truly needs. Also, our community requires support for accessibility, gender-identity, and general identity access m...

Being a CISO in Higher Education - Lorna Koppel - CSP #129

July 04, 2023 10:00 - 23 minutes - 11.4 MB

At the surface, being a CISO in Higher Education is very similar to any industry vertical but the opportunities, challenges, and impacts are significantly more complex. Many consider HE to be behind in security practices. While it is true that HE doesn't buy a lot of security tools, we are on the leading edge of focusing on mitigating security risks at the level the institution truly needs. Also, our community requires support for accessibility, gender-identity, and general identity access ma...

Building High Performing Security, RM, & Resilience Teams - Darin Hurd - CSP #128

June 27, 2023 17:00 - 24 minutes - 20.2 MB

Navigate the complexities of building high performing teams in security, risk management, and business resilience uncovering the strategy, frameworks and tactics. Join us as we explore the nuances of collaboration, strategy formulation, and innovative thinking that empower these teams to excel in challenging business and risk management environments. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on ...

Deliver High Impact Global Security Programs with Low Ego - Rajesh David - CSP #127

June 20, 2023 14:00 - 29 minutes - 23.6 MB

In today’s hyper connected world how do you create a global cyber program that can deliver locally? You start by creating a culture - a culture rooted to delivering high impact with low ego. Culture eats strategy for breakfast ... Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all t...

Security @ Scale: Building Trust, Starting with Cybersecurity - Rob Duhart Jr. - CSP #126

June 13, 2023 14:00 - 28 minutes - 23.8 MB

10,500 storefronts. 2.3 million associates worldwide. $572.8 billion in revenue. Today’s cybersecurity landscape is complex, as attacks can deliver disruption in the blink of an eye. The focus of Walmart’s Information Security team is to secure our operating environment in the service of building and maintaining trust with our customers, associates and stakeholders. To perform at the necessary scale, it takes a village of intelligent associates, a reliance on technologies like automation and...

The Company’s Lawyer is Not Your Lawyer – Legal Self Defense - Larry Dietz - CSP #125

June 06, 2023 14:00 - 27 minutes - 22.8 MB

Joe Sullivan has shown all of us that CISOs are on the front lines when it comes to breaches and their legal aftermath. Unfortunately, most CISOs are not attorneys and may not understand the rules of engagement with law enforcement to the point where they may find themselves in legal jeopardy for ‘doing the right thing’. Join Larry Dietz, long time cybersecurity professional, attorney and retired US Army Colonel, and Todd Fitzgerald for a lively discussion on how to prepare for the legal ramif...

Are We Thinking in the Right Way as CISOs? - Sajan Gautam - CSP #124

May 30, 2023 15:00 - 23 minutes - 21.2 MB

CISOs want to enable the business. But sometimes we must stand our ground and explain our position with rationale. So, how do we convince other people to act without telling them their baby is ugly? Join us, as we discuss having difficult conversations. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://se...

Using Data to Estimate Cyber Risk Financial Implications - Paul Sand - CSP #123

May 23, 2023 14:00 - 24 minutes - 21.6 MB

The CISO who can speak to the financial implications of cyber risk will be able to successfully work amongst the C-suite and in the board room to prioritize and address cyber initiatives. Building a view of the financial implications of those risks based on real data enhances not only the CISO’s decision-making ability but also the CISO’s credibility with stakeholders. Join us as we take a look at how industry and enterprise data sources can be leveraged to build a view of the financial impl...
